How to Find Vulnerabilities for Any Website Using Nikto?

-



There are a number of tools and applications to find vulnerabilities in websites, but one of the simplest (and one of my favorites) is nikto.
This small and simple tool examines a website and reports back to you the potential vulnerabilities that it found that you could use to exploit or hack the site. In addition, it’s one of the most widely used website vulnerabilities tools in the industry and in many circles considered the industry standard.
Although this tool is extremely useful and effective, it is NOT stealthy. Any website with an IDS or other security measures in place will detect that you are scanning it. Originally designed for security testing, it was never meant to be stealthy.

Step 1Fire Up Kali & Open Nikto

Let’s fire up Kali and get started with nikto. Once we have Kali up and running, go to Kali Linux -> Vulnerability Analysis -> Misc Scanners -> nikto, like in the screenshot below.
Image via wonderhowto.com
Although there are many options in using nikto, we will limit ourselves here to the basic syntax, such as this:
  • nikto -h <IP or hostname>

Step 2Scan the Web Server

Let’s start with a safe web server on our own network. In this case, I have started the http service on another machine on my network. There is not a website hosted by this machine, just the web server. Let’s scan it for vulnerabilities by typing:
  • nikto -h 192.168.1.104
Nikto responds with a lot of information, as you can see below.
First, it tells us the server is Apache 2.2.14, probably on Ubuntu. It nailed this info and gives up more information on other potential vulnerabilities on this web server.
Note near the bottom that it identifies some vulnerabilities with the OSVDB prefix. This is the Open Source Vulnerability Database. This is a database maintained of known vulnerabilities at http://www.osvdb.org, in addition to other databases I covered, such as SecurityFocus and Microsoft’s Technet.

Step 3Scan the Site

Let’s try another site. In an earlier tutorial, we had hacked a web server named webscantest.com. Let’s see what nikto can tell us about this site.
  • nikto -h webscantest.com
Once again, it identifies the server (Apache) and then proceeds to identify numerous potential vulnerabilities pre-fixed with OSVDB. We can take a look at that website at www.osvdb.org to learn more about these vulnerabilities.
Now, let’s use this site to find information on one of the vulnerabilities identified by nikto as OSVDB-877. We can put that reference number into the search function and it retrieves the following page.
Note, in lower half of this page there are cross-references to the various information sources about this vulnerability, as well as references to tools and filters such as Nikto, Nessus, and Snort.

Scan WonderHowTo

Let’s scan a few more sites and see what it can tell us about these sites. Let’s see what we can find out about our own website, www.wonderhowto.com.
  • nikto -h wonderhowto.com
As you can see, it tells us that WonderHowTo is using Microsoft’s IIS 8.5 as a web server and then lists numerous potential vulnerabilities.
However, any attempt to exploit the vulnerabilities listed will reveal that they’re all false-positives, as WonderHowTo simply returns a harmless 404 page. This is because WonderHowTo is not built on php or asp as the noted exploits expect.
False positives like this can appear because the scan does not actually execute each of the possible vulnerabilities, but rather scans to see if the server responds without error to known exploitable URLs.

Scan Facebook

Finally, lets point nikto at www.facebook.com.
  • nikto -h facebook.com
As you can see, Facebook is tightly secured with few vulnerabilities. As you can imagine, if Facebook weren’t secure, every script-kiddie on the planet would be hacking it to see who his true love is chatting with online.\

thnks

Comments

Post a Comment

Popular posts from this blog

wifi attack with kali linux

-
Image
Prerequisites Kali Linux Prior experience with wireless hacking You will also need to install a tool (bridge utils) which doesn't come pre-installed in Kali. No big deal- apt-get install bridge-utils Objectives The whole process can be broken down into the following steps- Finding out about the access point (AP) you want to imitate, and then actually imitating it (i.e. creating another access point with the same SSID and everything). We'll use airmon-ng for finding necessary info about the network, and  airbase-ng to create it's twin . Forcing the client to disconnect from the real AP and connecting to yours. We'll use aireplay-ng to deauthenticate the client, and strong signal strength to make it connect to our network. Making sure the client doesn't notice that he connected to a fake AP. That basically means that we have to provide internet access to our client after he has connected to the fake wireless network. For that we will need to have i...
Read more

how to clone a simcard ???

-
Image
Cloning a card: Sim cards are manufactured on the basis of 3 algorithms COMP128v1,COMP128v2 and COMP128v3 now an important note currently only COMP128v1 version sim cards can be cloned ,since this is the only algorithm which has been cracked by users, bear in mind that 70% of all the sim cards we use are COMP128v1 . 1. Buy a SIM card Reader 2. Need a Blank SIM card or super SIM card 3. Download and install MagicSIM 4. Download and install USB SIM Card Reader Software 3.0.1.5 6. Go in phone tools, select SIM card, then select unlock SIM, it will prompt for a code. 7 Call network provider, they will ask for your phone number, your account info, name and security code, then they will ask why you want to unlock your SIM card, just tell them you need to unlock your SIM to get it to work with your overseas phone or something. 8. Once they give you the SIM unlock code, enter it, and it will say SIM unlocked. 9. Remove the SIM from your phone, place it in the card...
Read more